Bitcoin Education

Taproot

Bitcoin is always striving to improve as a digital payment asset. Developers working on bitcoin treat scalability, security and privacy upgrades as the most important. Upgrades in bitcoin are a coordinated effort from the community of participants.

One of the more anticipated upgrades to the bitcoin network since SegWit is the proposed Taproot upgrade. The Taproot upgrade will result in the following benefits for the users:

  • Increased privacy for transactions
      • Smart contracts can contain many alternate spending paths that are locked up in a script. The revealing details of the smart contract will be largely obscured. This will provide greater privacy for the users.
  • Better scalability and faster verification
      • Wallets will eventually support Taproot payments. This will enable users to create more secure smart contracts that use up less storage space in a transaction block. The result of this is a faster turnaround time for verifying payments on the bitcoin network.
  • Lower transaction fees
      • The number of signers participating in a multi-signature payment is now reduced to only showing one signature input and one pay-to-output public address. This will result in lower transaction fees since it will now function as a single payment.

Taproot overview

Any bitcoin upgrade or change gets submitted as a Bitcoin Improvement Proposal (BIP). A BIP is a design document of a proposed upgrade improvement for the bitcoin protocol to adopt.

Factors that may impact the adoption of a BIP may be the importance or popularity of the upgrade. Any bitcoin change must also consider potential long-term benefits or drawbacks. A BIP will often take months or even years to get integrated into bitcoin’s codebase.

The Taproot upgrade is associated with the following BIPs:

  • Schnorr Signatures for secp256k1 (BIP 340)
  • Taproot: SegWit version 1 spending rules (BIP 341)
  • Validation of Taproot Scripts (BIP 342)

Let’s take a look at each of the three main Taproot upgrade changes.

Schnorr signatures

Schnorr signatures are an enhanced cryptographic scheme for producing and verifying digital signatures. Signatures in general provide a secure way of proving bitcoin ownership without revealing the user's private key.

Bitcoin currently utilises the secure ECDSA (Elliptic Curve Digital Signature Algorithm) signature scheme. Schnorr signatures will provide benefits and enhancements to multi-signatures that ECDSA does not.

Schnorr works by enabling an aggregated signature from multiple signature inputs.

In a Schnorr multi-signature scenario, for example, 3 signatures can now combine into one threshold signature. This aggregated signature gets verified against an associated public key (threshold public key).

An m-of-n Schnorr signature can now provide unanimous consent more efficiently and optimally. Schnorr signatures will enable faster signature generation and more efficient signature verification.

Schnorr signatures will add another layer of privacy. They also mean that bitcoin becomes a protocol that accepts more than one digital signature scheme. This flexibility will benefit bitcoin in the long term, and enable backwards compatibility.

Tapscript

Each unspent transaction output in bitcoin gets locked up in a script. An unspent bitcoin amount isn't movable to any other public address until the spending conditions in the script get proven or solved.

Bitcoin's scripting language (otherwise known as Bitcoin Script) assesses and approves each payment. These payment options appear as a combination of opcodes, status codes, public keys and signatures.

Tapscript enables both Schnorr signatures and Taproot payments to get verified and approved. The script changes for Taproot will also introduce new opcodes, such as SCRIPT_VERIFY_TAPROOT. When bitcoin's scripting language reads this opcode, it will know what specific payment type it refers to, as well as what additional conditions to check for.

Taproot introduces a new output type based on the Bech32 address format (a recent address type based on SegWit). SegWit was a soft-fork change to the bitcoin network in 2017 that separated the witness data from the transaction input.

Taproot moves the SegWit version up to version 1, with associated addresses now starting with bc1p. The Taproot upgrade will provide improvements to bitcoin's multi-signature interoperability. Reduced fees for multi-signature transactions are another expected benefit of the Taproot upgrade.

Taproot

Taproot is about maintaining a more compact and data-efficient format for smart contracts. Spending rules in bitcoin range from simple to complex and are locked up in the witness script. Spending conditions usually detail rules related to signature verification, timelocks, block height restrictions or hash comparisons.

Taproot will store these spend conditions in a compacted data type called a Merkle Tree, or MAST (Merkelized Abstract Syntax Tree). MAST is a compact data summary that stores the spending conditions in a tree-like structure. The witness script will call upon details of the spending conditions when required. Taproot, however, will only reveal the payment condition that was redeemed.

To summarise, a Taproot output or a P2TR address will contain the following:

  • A version number:
      • SegWit version 1
  • A public key of the recipient
      • Since Taproot will represent a regular payment being sent
  • A public key that contains the Merkle Root
      • A spending condition which was satisfied from the MAST

Saving data in a transaction via Taproot results in greater privacy and scalability. Taproot payments could also mean more payments being processed on the network. The benefit of Taproot is that none of the other spending paths is revealed from the witness script. Privacy is also improved since a Taproot payment will now look like a regular payment from Bob to Alice.
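The following added example (not code from this page or from Bitcoin Core) shows how a spender can prove one spending condition belongs to the tree while the other conditions stay hidden behind hashes. It uses the tagged hashes and leaf version 0xc0 defined in BIP 340 and BIP 341; the three scripts, the placeholder keys and the pairwise tree layout are assumptions made for illustration, and the final step of tweaking the output public key with the Merkle root is left out.

```python
import hashlib

def tagged_hash(tag, data):
    """BIP 340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || data)."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + data).digest()

def leaf_hash(script, leaf_version=0xC0):
    """BIP 341 TapLeaf hash; this sketch only handles a 1-byte length."""
    if len(script) >= 253:
        raise ValueError("script needs a multi-byte compact size prefix")
    return tagged_hash("TapLeaf", bytes([leaf_version, len(script)]) + script)

def branch_hash(a, b):
    """BIP 341 TapBranch hash; children are sorted before hashing."""
    return tagged_hash("TapBranch", min(a, b) + max(a, b))

def next_level(hashes):
    """Pair up nodes; an unpaired last node is carried up unchanged."""
    nxt = [branch_hash(*hashes[i:i + 2]) for i in range(0, len(hashes) - 1, 2)]
    return nxt + hashes[-1:] if len(hashes) % 2 else nxt

def merkle_root(scripts):
    level = [leaf_hash(s) for s in scripts]
    while len(level) > 1:
        level = next_level(level)
    return level[0]

def merkle_path(scripts, index):
    """Sibling hashes the spender reveals alongside scripts[index]."""
    level, path = [leaf_hash(s) for s in scripts], []
    while len(level) > 1:
        if (index ^ 1) < len(level):
            path.append(level[index ^ 1])
        level, index = next_level(level), index // 2
    return path

def root_from_path(script, path):
    """What a verifier recomputes from the one revealed script."""
    h = leaf_hash(script)
    for sibling in path:
        h = branch_hash(h, sibling)
    return h

KEY_A, KEY_B, KEY_C = (bytes([n]) * 32 for n in (1, 2, 3))  # constructed keys
SCRIPTS = [
    b"\x20" + KEY_A + b"\xac",                       # <A> OP_CHECKSIG
    b"\x02\x90\x00\xb2\x75\x20" + KEY_B + b"\xac",   # 144-block CSV, then <B>
    b"\xa8\x20" + bytes(32) + b"\x88\x20" + KEY_C + b"\xac",  # hash lock + <C>
]
```

Spending through the timelock branch reveals `SCRIPTS[1]` plus two 32-byte sibling hashes; the key-only and hash-lock scripts never appear on chain.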

Taproot activation

Bitcoin Core v0.21.0, released in May 2021, included the option for miners to signal their readiness for Taproot activation in a block. The Taproot upgrade is already in the protocol itself but will not be in use in transactions and public addresses until around 15 November 2021 (block height 709632 to be exact).

Due to bitcoin’s decentralised nature, any upgrades to the bitcoin network must be carefully overseen. Upgrades like Taproot can often be a challenge for the bitcoin network to reach a consensus on. Many stakeholders, from developers to miners and institutions, rely on bitcoin. In the case of Taproot activation, it is the miners that have elective control over its activation.

Taproot activation is currently in a Speedy Trial process, which involves a three-month trial period. Taproot activation requires 90% of miner blocks during a 2016-block period (about 2 weeks) to signal readiness. Should it fail to reach 90% activation within any current 2016-block period, it will restart from the next 2016-block period. Taproot has since passed its activation period.

SlushPool was the first miner group to signal Taproot activation.

The miner used the version number 0x2f900004 in the coinbase transaction. The trailing '4' on the version number was a modifiable bit that signals readiness for the Taproot upgrade.
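The signalling rule above can be checked mechanically. This added example (not code from this page or from Bitcoin Core) tests whether a block version signals readiness and tallies complete 2016-block periods against the 90% threshold; it assumes the list of versions starts on a period boundary, applies the BIP 9 convention that the top three version bits are 001, and uses a constructed sample built around the version number quoted above.

```python
TOP_MASK, TOP_BITS = 0xE0000000, 0x20000000  # BIP 9: top three bits are 001
TAPROOT_BIT = 2                   # the trailing '4' in 0x2f900004 is bit 2
PERIOD = 2016                     # blocks per signalling period
THRESHOLD = -(-PERIOD * 9 // 10)  # 90% of 2016, rounded up: 1815 blocks

def signals(version, bit=TAPROOT_BIT):
    """True if a block version uses version bits and has `bit` set."""
    return (version & TOP_MASK) == TOP_BITS and ((version >> bit) & 1) == 1

def tally(versions):
    """Count signalling blocks in each complete 2016-block period."""
    full = len(versions) - len(versions) % PERIOD
    return [sum(signals(v) for v in versions[i:i + PERIOD])
            for i in range(0, full, PERIOD)]

def first_locked_in(versions):
    """Index of the first period that reaches the threshold, else None."""
    for idx, count in enumerate(tally(versions)):
        if count >= THRESHOLD:
            return idx
    return None

# Constructed sample: period 0 falls one block short, period 1 just makes it.
READY, NOT_READY = 0x2F900004, 0x20000000
SAMPLE = ([READY] * 1814 + [NOT_READY] * 202 +
          [READY] * 1815 + [NOT_READY] * 201)
```

A version such as 0x00000004 has the same low bit set but does not count, because its top three bits are not 001.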

Conclusion

When activated in November this year, it’s expected that only a small handful of users will benefit from Taproot. As more wallets introduce Taproot payment features, users will be able to utilise and explore more of its payment features. Developers anticipate that the benefits of the Taproot upgrade will become clearer over time.

Improving bitcoin as a digital asset relies on continual updates to the underlying technology and codebase. Along with the Lightning Network as a payment channel, Taproot will help bitcoin maintain its reputation as a reliable and secure digital asset into the foreseeable future.